New Gmail phishing scam might trick everyone

Phishing scams became mainstream last year. In 2016, various organisations and companies suffered from these cyber attacks. Scammers are motivated by their success and keep looking for new ways to swindle private information out of computer users. Although crooks also used social networks and SMS for phishing attacks last year, emails were the main tool for these crimes. This year scammers have polished their old methods and shown that anyone can become a victim of phishing. Fraudulent emails barely differ from the official emails sent by popular email service providers or other companies. A recently discovered Gmail phishing scam proved that even professionals might fall for the fraud if they don’t pay enough attention.

Hackers try to reach a wide audience of potential victims, so they mostly attack devices that run popular operating systems, such as Windows. Scammers follow the same approach, so it is no surprise that Gmail users often have to deal with various phishing scams. Some of the misleading emails might be sent from someone on the recipient’s contact list, which gives them a sense of credibility, and people are easily tricked into clicking on the provided attachment. Other emails might look as if they were sent by a particular organisation, a social network or Gmail itself. Sadly, these emails barely differ from the real ones.

Although Google has recently started a fight against hackers and blocked JavaScript attachments, scammers found a new way to continue their illegal projects. The recent Gmail phishing campaign asks people to open an attached PDF file. However, it’s not a real file; it’s just a trick to make users click on it, which opens a new tab in the browser. People are redirected to a malicious website where they are asked to log in to their Gmail account. Unfortunately, this site looks identical to the Gmail login page. However, it is possible to identify this trickery. The phishing site has an obfuscated address. Although the address contains the phrase “accounts.google.com”, it’s not the real address. Checking the location bar reveals that this fraudulent site shows “data:text/html” instead of the usual “https://”. Obviously, entering login details on this website might lead to a hacked account.
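The location-bar check described above can be automated, for example in a mail filter or a browser extension. The following is an added example, not code from Google or from the campaign: the function name, the sample addresses and the `/signin` path are constructed, and it goes slightly beyond the text by also rejecting look-alike hosts and plain `http://`.

```javascript
// Added example: decide whether an address is the genuine Google sign-in
// origin. The scheme and the exact host must both match; the trusted name
// appearing somewhere in the text of the address proves nothing.
const TRUSTED_SCHEME = "https:";
const TRUSTED_HOST = "accounts.google.com";

function classifySignInUrl(raw) {
  const text = String(raw).trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser, built into browsers and Node.js
  } catch (err) {
    return { trusted: false, reason: "unparseable address" };
  }
  if (url.protocol !== TRUSTED_SCHEME) {
    // The case from the article: a data: address that merely contains
    // the string "accounts.google.com".
    const mentions = text.toLowerCase().includes(TRUSTED_HOST);
    return {
      trusted: false,
      reason: mentions
        ? `scheme is ${url.protocol}; trusted name appears only as text`
        : `scheme is ${url.protocol}, not ${TRUSTED_SCHEME}`,
    };
  }
  if (url.hostname !== TRUSTED_HOST) {
    // Covers look-alike hosts and "name@other-host" tricks.
    return { trusted: false, reason: `host is ${url.hostname}` };
  }
  return { trusted: true, reason: "https scheme and exact host match" };
}

// Constructed sample addresses (not taken from the campaign).
const samples = [
  "https://accounts.google.com/signin",
  "data:text/html,https://accounts.google.com/signin",
  "https://accounts.google.com.login.example/signin",
  "https://accounts.google.com@login.example/signin",
  "http://accounts.google.com/signin",
];
for (const s of samples) {
  const verdict = classifySignInUrl(s);
  console.log(verdict.trusted ? "OK  " : "FAIL", s, "->", verdict.reason);
}
```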

When a user enters their credentials on the malicious site, scammers get access to the account. According to the victims, cyber criminals use the hacked email account to send this scam to the victim’s contact list. Thus, the victim’s friends, family, and co-workers might think that the attachment is safe to open. However, it’s malicious. Scammers often try to get people’s personal information, such as passwords, login details, bank account numbers or credit card details, so this cyber crime might lead to stolen money or even identity theft. Security experts say that two-step verification helps to prevent cyber criminals from hacking into your account. It is recommended to enable this function on all email, social media, and other accounts. What is more, Google Chrome users should install the latest update, which informs them about insecure websites. For instance, when a user enters a phishing site, the location bar will show a “Not Secure” message. However, not everyone uses this browser or pays attention to these tiny letters. Still, paying attention to details is the best protection from scammers.